Escape sourcegraph query arguments

Includes module import workaround for microsoft/vscode#130367 and microsoft/TypeScript#43329 🤯

packages/core/src/dependencies/sourcegraph.ts

@@ -1,6 +1,6 @@
 import { strict as assert } from 'assert'
-import _ from 'lodash'
 import { gql, GraphQLClient } from 'graphql-request'
+import _ from 'lodash'
 import normalizePackageData from 'normalize-package-data'
 
 import { Dependency, DependencySearcher } from './base'
@@ -133,15 +133,16 @@ class SourcegraphClient {
 
         const queryArgs: Record<string, string> = {
             'select': 'file',
-            'file': 'package.json',
+            'file': 'package\\.json',
             '-file': 'node_modules/',
             'count': `${limit || this.maximumLimit}`
         }
+        // Workaround for https://github.com/microsoft/vscode/issues/130367 and https://github.com/microsoft/TypeScript/issues/43329 🤯
+        const dynamicImport = new Function('moduleName', 'return import(moduleName)')
+        const escapeRegexp: (regex: string) => string = (await dynamicImport('escape-string-regexp')).default
+        const query = `"${escapeRegexp(packageName)}": ` + Object.entries(queryArgs).map(([key, value]) => `${key}:${value}`).join(' ')
         const response = this.documentSpecifier.protoResponse
-        console.log("query", `"${packageName}": ` + Object.entries(queryArgs).map(([key, value]) => `${key}:${value}`).join(' '))
-        Object.assign(response, await graphql.request(this.documentSpecifier.document, {
-            query: `"${packageName}": ` + Object.entries(queryArgs).map(([key, value]) => `${key}:${value}`).join(' ')
-        }))
+        Object.assign(response, await graphql.request(this.documentSpecifier.document, { query }))
 
         const results = response.search.results
         if (results.timedout.length) {